Metasploit mailing list archives

Metasploit vs ANI


From: thomas.werth at vahle.de (Thomas Werth)
Date: Wed, 04 Apr 2007 08:59:46 +0200

user32.dll is version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

instruction in user32.dll around 0x77d525ba looks like this

77D525B3                 mov     ebx, [esi+0DCh]
77D525B9                 test    ebx, ebx
77D525BB                 mov     [ebp+arg_0], eax

seems like this user32.dll doesn't match what the metasploit opcode db
prints out.


mmiller at hick.org schrieb:
What version of user32.dll do you have?  What is the instruction at
77d525ba?  The partial overwrite is succeeding, but it appears you have
something other than a call [ebx+4] at this location.

On Wed, Apr 04, 2007 at 08:26:44AM +0200, Thomas Werth wrote:
ok here are details

msf 3 latest updates running on bt2 hd install. Using
win/shell/bind_tcp payload
Test vmware windows xp sp2 german, no ani patch installed, running as admin.
Using OllyDbg on ie.
WinXp connects to given msf random uri as soon as msf shows ready signals.

OllyDbg is catching on error:
EAX ED40601B
ECX 7C92056D ntdll.7C92056D
EDX 00000000
EBX 0012DF80
ESP 0012DECC
EBP FED47515
ESI 0012DEFC ASCII "anih$"
EDI 0012DECC
EIP 77D525BA USER32.77D525BA
C 0  ES 0023 32bit 0(FFFFFFFF)
P 1  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 1  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFDF000(FFF)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_INVALID_PARAMETER (00000057)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty -??? FFFF 0084837B 6B84837B
ST1 empty -??? FFFF 00000000 6B000000
ST2 empty -??? FFFF 00000084 0083007B
ST3 empty -??? FFFF 00000084 0083007B
ST4 empty -??? FFFF 6B84837B 6B84837B
ST5 empty -??? FFFF 00000084 0083007B
ST6 empty 1.0000000000000000000
ST7 empty 1.0000000000000000000
               3 2 1 0      E S P U O Z D I
FST 4000  Cond 1 0 0 0  Err 0 0 0 0 0 0 0 0  (EQ)
FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

-- 

------------------------------------------------------------------------
Paul Vahle GmbH & Co. KG
Westicker Strasse 52
D-59174 Kamen
www.vahle.de

Dipl. Informatiker
Thomas Werth
TDV Department

Phone 0 23 07 / 7 04- 366
Fax 0 23 07 / 7 04- 444
thomas.werth at vahle.de

Managing directors: Josef Hütte, Dipl.-Kfm. Dirk Korn, Dipl.-Ing. Michael
Pavlidis
Registered office: Kamen - Amtsgericht Hamm - HRA 2586
------------------------------------------------------------------------